[Secure-testing-commits] r58560 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 14 06:53:24 UTC 2017


Author: carnil
Date: 2017-12-14 06:53:24 +0000 (Thu, 14 Dec 2017)
New Revision: 58560

Modified:
   data/CVE/list
Log:
Add CVE-2017-7559/undertow

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-14 06:51:17 UTC (rev 58559)
+++ data/CVE/list	2017-12-14 06:53:24 UTC (rev 58560)
@@ -32754,8 +32754,11 @@
 	- rhnsd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
 	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
-CVE-2017-7559
+CVE-2017-7559 [HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)]
 	RESERVED
+	- undertow <undetermined>
+	NOTE: For an incomplete fix of CVE-2017-2666
+	NOTE: Invalid characters were still allwed in the query string and path parameters.
 CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
 	RESERVED
 	- linux 4.12.13-1
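
Review bot: the second added NOTE under CVE-2017-7559 misspells "allowed" as "allwed", which will hide the line from anyone grepping the list for that wording. The new entry also carries no reference NOTE, whereas the entry just above it links a bugzilla report and the introducing commit; with "- undertow <undetermined>" and no link, a later triager has nothing to follow when settling the affected versions, so add a NOTE pointing at the upstream bug or fix once it is known. The first NOTE ("For an incomplete fix of CVE-2017-2666") repeats the bracketed description and could be dropped.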



